Small Secret CRT-Exponent Attacks on Takagi's RSA
CRT-RSA is a variant of RSA, which uses integers dp = d mod(p - 1) and dq = d mod(q - 1) (CRT-exponents), where d,p,q are the secret keys of RSA. May proposed a method to obtain the secret key in polynomial time if a CRT-exponent is small, moreover Bleichenbacher and May improved this method. On the...
Gespeichert in:
| Veröffentlicht in: | IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences Communications and Computer Sciences, 2011/01/01, Vol.E94.A(1), pp.19-27 |
|---|---|
| Hauptverfasser: | , , |
| Format: | Artikel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | 27 |
|---|---|
| container_issue | 1 |
| container_start_page | 19 |
| container_title | IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences |
| container_volume | E94.A |
| creator | SHINOHARA, Naoyuki IZU, Tetsuya KUNIHIRO, Noboru |
| description | CRT-RSA is a variant of RSA, which uses integers dp = d mod(p - 1) and dq = d mod(q - 1) (CRT-exponents), where d,p,q are the secret keys of RSA. May proposed a method to obtain the secret key in polynomial time if a CRT-exponent is small, moreover Bleichenbacher and May improved this method. On the other hand, Takagi's RSA is a variant of CRT-RSA, whose public key N is of the form prq for a given positive integer r. In this paper, we extend the May's method and the Bleichenbacher-May's method to Takagi's RSA, and we show that we obtain p in polynomial time if $p < N^{3/(4 + 2 \\sqrt{r(r+3)})}$ by the extended May's method, and if $p < N^{6/(5r + \\sqrt{13r^2 + 48r})}$ by the extended Bleichenbacher-May's method, when dq is arbitrary small. If r=1, these upper bounds conform to May's and Bleichenbacher-May's results respectively. Moreover, we also show that the upper bound of pr increase with an increase in r. Since these attacks are heuristic algorithms, we provide several experiments which show that we can obtain the secret key in practice. |
| doi_str_mv | 10.1587/transfun.E94.A.19 |
| format | Article |
| fullrecord | <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_miscellaneous_889410909</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>889410909</sourcerecordid><originalsourceid>FETCH-LOGICAL-c510t-443cf4c4ff9c32e96d5b05bef62e62e1a2524bf1e7e11169fd5b31afb991f6543</originalsourceid><addsrcrecordid>eNplkEFLwzAYhoMoOKc_wFtvO7Xma5K2OZYxdSAI2zyHNH6Z3bp0Jhnov7djuovwwXv4nuc9vITcA81AVOVD9NoFe3DZTPKszkBekBGUXKTAWHlJRlRCkVaCVtfkJoQNpVDlwEcEljvddckSjceYTBerdPa17x26mNQxarMNSe-Sld7qdTsJyWJZ35Irq7uAd785Jm-Ps9X0OX15fZpP65fUCKAx5ZwZyw23VhqWoyzeRUNFg7bIcTjQuch5YwFLBIBC2uHPQNtGSrCF4GxMJqfeve8_Dxii2rXBYNdph_0hqKqSHKikciDhRBrfh-DRqr1vd9p_K6DquI76W0cN66hawdGZn5xNiHqNZ0P72JoO_xnnBHlmzIf2Ch37ASGXdDE</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>889410909</pqid></control><display><type>article</type><title>Small Secret CRT-Exponent Attacks on Takagi's RSA</title><source>J-STAGE (Japan Science & Technology Information Aggregator, Electronic) Freely Available Titles - Japanese</source><creator>SHINOHARA, Naoyuki ; IZU, Tetsuya ; KUNIHIRO, Noboru</creator><creatorcontrib>SHINOHARA, Naoyuki ; IZU, Tetsuya ; KUNIHIRO, Noboru</creatorcontrib><description>CRT-RSA is a variant of RSA, which uses integers dp = d mod(p - 1) and dq = d mod(q - 1) (CRT-exponents), where d,p,q are the secret keys of RSA. May proposed a method to obtain the secret key in polynomial time if a CRT-exponent is small, moreover Bleichenbacher and May improved this method. On the other hand, Takagi's RSA is a variant of CRT-RSA, whose public key N is of the form prq for a given positive integer r. In this paper, we extend the May's method and the Bleichenbacher-May's method to Takagi's RSA, and we show that we obtain p in polynomial time if $p < N^{3/(4 + 2 \\sqrt{r(r+3)})}$ by the extended May's method, and if $p < N^{6/(5r + \\sqrt{13r^2 + 48r})}$ by the extended Bleichenbacher-May's method, when dq is arbitrary small. If r=1, these upper bounds conform to May's and Bleichenbacher-May's results respectively. Moreover, we also show that the upper bound of pr increase with an increase in r. Since these attacks are heuristic algorithms, we provide several experiments which show that we can obtain the secret key in practice.</description><identifier>ISSN: 0916-8508</identifier><identifier>ISSN: 1745-1337</identifier><identifier>EISSN: 1745-1337</identifier><identifier>DOI: 10.1587/transfun.E94.A.19</identifier><language>eng</language><publisher>The Institute of Electronics, Information and Communication Engineers</publisher><subject>CRT-exponent ; Electronics ; Heuristic methods ; Integers ; Keys ; lattice ; LLL ; Takagi's RSA ; Upper bounds</subject><ispartof>IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, 2011/01/01, Vol.E94.A(1), pp.19-27</ispartof><rights>2011 The Institute of Electronics, Information and Communication Engineers</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c510t-443cf4c4ff9c32e96d5b05bef62e62e1a2524bf1e7e11169fd5b31afb991f6543</citedby><cites>FETCH-LOGICAL-c510t-443cf4c4ff9c32e96d5b05bef62e62e1a2524bf1e7e11169fd5b31afb991f6543</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,778,782,1879,4012,27910,27911,27912</link.rule.ids></links><search><creatorcontrib>SHINOHARA, Naoyuki</creatorcontrib><creatorcontrib>IZU, Tetsuya</creatorcontrib><creatorcontrib>KUNIHIRO, Noboru</creatorcontrib><title>Small Secret CRT-Exponent Attacks on Takagi's RSA</title><title>IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences</title><addtitle>IEICE Trans. Fundamentals</addtitle><description>CRT-RSA is a variant of RSA, which uses integers dp = d mod(p - 1) and dq = d mod(q - 1) (CRT-exponents), where d,p,q are the secret keys of RSA. May proposed a method to obtain the secret key in polynomial time if a CRT-exponent is small, moreover Bleichenbacher and May improved this method. On the other hand, Takagi's RSA is a variant of CRT-RSA, whose public key N is of the form prq for a given positive integer r. In this paper, we extend the May's method and the Bleichenbacher-May's method to Takagi's RSA, and we show that we obtain p in polynomial time if $p < N^{3/(4 + 2 \\sqrt{r(r+3)})}$ by the extended May's method, and if $p < N^{6/(5r + \\sqrt{13r^2 + 48r})}$ by the extended Bleichenbacher-May's method, when dq is arbitrary small. If r=1, these upper bounds conform to May's and Bleichenbacher-May's results respectively. Moreover, we also show that the upper bound of pr increase with an increase in r. Since these attacks are heuristic algorithms, we provide several experiments which show that we can obtain the secret key in practice.</description><subject>CRT-exponent</subject><subject>Electronics</subject><subject>Heuristic methods</subject><subject>Integers</subject><subject>Keys</subject><subject>lattice</subject><subject>LLL</subject><subject>Takagi's RSA</subject><subject>Upper bounds</subject><issn>0916-8508</issn><issn>1745-1337</issn><issn>1745-1337</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2011</creationdate><recordtype>article</recordtype><recordid>eNplkEFLwzAYhoMoOKc_wFtvO7Xma5K2OZYxdSAI2zyHNH6Z3bp0Jhnov7djuovwwXv4nuc9vITcA81AVOVD9NoFe3DZTPKszkBekBGUXKTAWHlJRlRCkVaCVtfkJoQNpVDlwEcEljvddckSjceYTBerdPa17x26mNQxarMNSe-Sld7qdTsJyWJZ35Irq7uAd785Jm-Ps9X0OX15fZpP65fUCKAx5ZwZyw23VhqWoyzeRUNFg7bIcTjQuch5YwFLBIBC2uHPQNtGSrCF4GxMJqfeve8_Dxii2rXBYNdph_0hqKqSHKikciDhRBrfh-DRqr1vd9p_K6DquI76W0cN66hawdGZn5xNiHqNZ0P72JoO_xnnBHlmzIf2Ch37ASGXdDE</recordid><startdate>20110101</startdate><enddate>20110101</enddate><creator>SHINOHARA, Naoyuki</creator><creator>IZU, Tetsuya</creator><creator>KUNIHIRO, Noboru</creator><general>The Institute of Electronics, Information and Communication Engineers</general><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>7SP</scope><scope>8FD</scope><scope>FR3</scope><scope>JQ2</scope><scope>KR7</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope></search><sort><creationdate>20110101</creationdate><title>Small Secret CRT-Exponent Attacks on Takagi's RSA</title><author>SHINOHARA, Naoyuki ; IZU, Tetsuya ; KUNIHIRO, Noboru</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c510t-443cf4c4ff9c32e96d5b05bef62e62e1a2524bf1e7e11169fd5b31afb991f6543</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2011</creationdate><topic>CRT-exponent</topic><topic>Electronics</topic><topic>Heuristic methods</topic><topic>Integers</topic><topic>Keys</topic><topic>lattice</topic><topic>LLL</topic><topic>Takagi's RSA</topic><topic>Upper bounds</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>SHINOHARA, Naoyuki</creatorcontrib><creatorcontrib>IZU, Tetsuya</creatorcontrib><creatorcontrib>KUNIHIRO, Noboru</creatorcontrib><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Electronics & Communications Abstracts</collection><collection>Technology Research Database</collection><collection>Engineering Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Civil Engineering Abstracts</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>SHINOHARA, Naoyuki</au><au>IZU, Tetsuya</au><au>KUNIHIRO, Noboru</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Small Secret CRT-Exponent Attacks on Takagi's RSA</atitle><jtitle>IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences</jtitle><addtitle>IEICE Trans. Fundamentals</addtitle><date>2011-01-01</date><risdate>2011</risdate><volume>E94.A</volume><issue>1</issue><spage>19</spage><epage>27</epage><pages>19-27</pages><issn>0916-8508</issn><issn>1745-1337</issn><eissn>1745-1337</eissn><abstract>CRT-RSA is a variant of RSA, which uses integers dp = d mod(p - 1) and dq = d mod(q - 1) (CRT-exponents), where d,p,q are the secret keys of RSA. May proposed a method to obtain the secret key in polynomial time if a CRT-exponent is small, moreover Bleichenbacher and May improved this method. On the other hand, Takagi's RSA is a variant of CRT-RSA, whose public key N is of the form prq for a given positive integer r. In this paper, we extend the May's method and the Bleichenbacher-May's method to Takagi's RSA, and we show that we obtain p in polynomial time if $p < N^{3/(4 + 2 \\sqrt{r(r+3)})}$ by the extended May's method, and if $p < N^{6/(5r + \\sqrt{13r^2 + 48r})}$ by the extended Bleichenbacher-May's method, when dq is arbitrary small. If r=1, these upper bounds conform to May's and Bleichenbacher-May's results respectively. Moreover, we also show that the upper bound of pr increase with an increase in r. Since these attacks are heuristic algorithms, we provide several experiments which show that we can obtain the secret key in practice.</abstract><pub>The Institute of Electronics, Information and Communication Engineers</pub><doi>10.1587/transfun.E94.A.19</doi><tpages>9</tpages></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 0916-8508 |
| ispartof | IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, 2011/01/01, Vol.E94.A(1), pp.19-27 |
| issn | 0916-8508 1745-1337 1745-1337 |
| language | eng |
| recordid | cdi_proquest_miscellaneous_889410909 |
| source | J-STAGE (Japan Science & Technology Information Aggregator, Electronic) Freely Available Titles - Japanese |
| subjects | CRT-exponent Electronics Heuristic methods Integers Keys lattice LLL Takagi's RSA Upper bounds |
| title | Small Secret CRT-Exponent Attacks on Takagi's RSA |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-15T18%3A45%3A18IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Small%20Secret%20CRT-Exponent%20Attacks%20on%20Takagi's%20RSA&rft.jtitle=IEICE%20Transactions%20on%20Fundamentals%20of%20Electronics,%20Communications%20and%20Computer%20Sciences&rft.au=SHINOHARA,%20Naoyuki&rft.date=2011-01-01&rft.volume=E94.A&rft.issue=1&rft.spage=19&rft.epage=27&rft.pages=19-27&rft.issn=0916-8508&rft.eissn=1745-1337&rft_id=info:doi/10.1587/transfun.E94.A.19&rft_dat=%3Cproquest_cross%3E889410909%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=889410909&rft_id=info:pmid/&rfr_iscdi=true |